Merge remote-tracking branch 'origin/pr/2436' into mbedtls-2.16

* origin/pr/2436: Use certificates from data_files and refer them Specify server certificate to use in SHA-1 test refactor CA and SRV certificates into separate blocks refactor SHA-1 certificate defintions and assignment refactor server SHA-1 certificate definition into a new block define TEST_SRV_CRT_RSA_SOME in similar logic to TEST_CA_CRT_RSA_SOME server SHA-256 certificate now follows the same logic as CA SHA-256 certificate add entry to ChangeLog
2026-02-19 00:39:46 +00:00 · 2019-03-05 16:26:34 +00:00
parent 799cd57c72 e900969cb5
commit daed232dd7
3 changed files with 71 additions and 34 deletions
--- a/7
+++ b/7
@@ -37,6 +37,13 @@ Bugfix
     extensions in CSRs and CRTs that caused these bitstrings to not be encoded
     correctly as trailing zeroes were not accounted for as unused bits in the
     leading content octet. Fixes #1610.
+   * Server's RSA certificate in certs.c was SHA-1 signed. In the default
+     mbedTLS configuration only SHA-2 signed certificates are accepted.
+     This certificate is used in the demo server programs, which lead the
+     client programs to fail at the peer's certificate verification
+     due to an unacceptable hash signature. The certificate has been
+     updated to one that is SHA-256 signed. Fix contributed by
+     Illya Gerasymchuk.

 Changes
   * Include configuration file in all header files that use configuration,